Although adversarial examples and model robustness have been extensively studied in the context of linear models neural networks, research on this issue tree-based how to make robust against is still limited. In paper, we show that tree based are also vulnerable develop a novel algorithm learn trees. At its core, our method aims optimize performance under worst-case perturbation input features, which leads max-min saddle point problem. Incorporating objective into decision building procedure non-trivial due discrete nature trees --- naive approach finding best split according will take exponential time. To practical scalable, propose efficient algorithms by approximating inner minimizer problem, present implementations for classical information gain as well state-of-the-art boosting such XGBoost. Experimental results real world datasets demonstrate proposed can substantially improve examples.

Load

Load